From 26b9ba5f8cca0add73d36c0d593e41ca628837a4 Mon Sep 17 00:00:00 2001
From: Eshan Kelkar <eshankelkar@galorithm.com>
Date: Mon, 18 Aug 2025 17:15:57 -0500
Subject: [PATCH] bugfix: test presence of before_connection before
 dereferencing

A proxyjump callback structure consists of three callbacks
as of this writing: before_connection, authenticate and
verify_knownhost. One or more of these callbacks can be
set as NULL by the user to indicate that libssh should use
the defaults.

The code checked the presence of the callback stucture but
not whether before_connection was available or not (non NULL)
before dereferencing it.

This could lead to undefined behaviour if the user specifies
say authenticate and verify_knownhost for a jump host but not
before_connection.

This commit fixes the code to add a check for before_connection
being non NULL before trying access it.

Signed-off-by: Eshan Kelkar <eshankelkar@galorithm.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/socket.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/socket.c b/src/socket.c
index d52ccf11..2eccfa90 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -1325,7 +1325,7 @@ jump_thread_func(void *arg)
     cb = ssh_list_pop_head(struct ssh_jump_callbacks_struct *,
                            jump_session->opts.proxy_jumps_user_cb);
 
-    if (cb != NULL) {
+    if (cb != NULL && cb->before_connection != NULL) {
         rc = cb->before_connection(jump_session, cb->userdata);
         if (rc != SSH_OK) {
             SSH_LOG(SSH_LOG_WARN, "%s", ssh_get_error(jump_session));